#!/bin/sh -e

# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# SPDX-License-Identifier: MPL-2.0
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.

# Fixture generator for zone cds.test: creates three keys, derives DS / CDS /
# CDNSKEY record files from the two KSKs, builds update scripts, and signs a
# set of zone files. Several outputs are deliberately damaged (DS.broke*,
# brk.*, sig.cds-mangled, sig.bad-digests, sig.bad-algos); presumably they are
# the negative cases a CDS consumer must refuse -- the consumers are not part
# of this file.
#
# Tool variables ($KEYGEN, $DSFROMKEY, $SIGNER, $PERL), the algorithm
# variables and keyfile_to_key_id are not defined here; presumably they come
# from ../conf.sh.

# The -e on the shebang line is lost when the script is started as
# "sh <script>", so it is repeated here.
set -e

. ../conf.sh

# nounset is switched on only after conf.sh has been sourced, so conf.sh
# itself runs without it.
set -u

# Zero-length file.
touch empty

Z=cds.test

# The captured output is used below as a key file base name ($key.key).
# keyz is generated without "-f KSK"; key1 and key2 are KSKs.
keyz=$($KEYGEN -q -a $DEFAULT_ALGORITHM $Z)
key1=$($KEYGEN -q -a $DEFAULT_ALGORITHM -f KSK $Z)
key2=$($KEYGEN -q -a $DEFAULT_ALGORITHM -f KSK $Z)

# Key IDs; they are matched against record text in the sed/mangle patterns
# further down.
idz=$(keyfile_to_key_id $keyz)
id1=$(keyfile_to_key_id $key1)
id2=$(keyfile_to_key_id $key2)

# Persist the names and IDs as shell assignments.
# NOTE(review): the values are written unquoted. That is fine for key file
# names and numeric IDs, but a value containing whitespace or shell
# metacharacters would be interpreted if vars.sh is sourced -- confirm the
# generators can never produce one.
cat <<EOF >vars.sh
Z=$Z
key1=$key1
key2=$key2
idz=$idz
id1=$id1
id2=$id2
EOF

# Print the lines of stdin in reverse order (Perl stand-in for tac(1)).
tac() {
  $PERL -e 'print reverse <>'
}

# convert KEY N -- derive the per-key record files for key file base name KEY,
# using N as the file name suffix:
#   DS.N                DS records as printed by $DSFROMKEY -12
#   DS.N-1, DS.N-2      only the digest type 1 / digest type 2 record
#   CDS.N, CDS.N-1/-2   the same records with the type rewritten to CDS
#   CDNSKEY.N           KEY.key with DNSKEY rewritten to CDNSKEY
#   DS.ttlN, DS.ttlongN DS.N with an explicit TTL of 3600 / 7200
#   DS.revN             DS.N with its line order reversed
# key and n are not local (plain sh), so they remain set after the call.
convert() {
  key=$1
  n=$2
  $DSFROMKEY -12 $key >DS.$n
  grep " ${DEFAULT_ALGORITHM_NUMBER} 1 " DS.$n >DS.$n-1
  grep " ${DEFAULT_ALGORITHM_NUMBER} 2 " DS.$n >DS.$n-2
  # NOTE(review): the three CDS files are appended to (>>) while every other
  # output of this function is truncated (>). Re-running in a directory that
  # still holds old CDS.* files would duplicate records -- confirm whether
  # the append is intentional.
  sed 's/ IN DS / IN CDS /' <DS.$n >>CDS.$n
  sed 's/ IN DS / IN CDS /' <DS.$n-1 >>CDS.$n-1
  sed 's/ IN DS / IN CDS /' <DS.$n-2 >>CDS.$n-2
  sed 's/ IN DNSKEY / IN CDNSKEY /' <$key.key >CDNSKEY.$n
  sed 's/ IN DS / 3600 IN DS /' <DS.$n >DS.ttl$n
  sed 's/ IN DS / 7200 IN DS /' <DS.$n >DS.ttlong$n
  tac <DS.$n >DS.rev$n
}
convert $key1 1
convert $key2 2

# Both keys' DS records in one file; sorting makes the line order independent
# of which key was generated first.
sort DS.1 DS.2 >DS.both

# Copy of DS.1 whose modification time is set two hours into the past
# (utime takes atime, mtime, files).
cp DS.1 DS.inplace
$PERL -we 'utime time, time - 7200, "DS.inplace" or die'

# Expanded unquoted on purpose: it has to split into the interpreter and the
# script name.
mangle="$PERL mangle.pl"

# mangle.pl is not shown here; presumably it corrupts the line matching the
# pattern given as its argument. The three patterns select key1's digest
# type 1 record, its digest type 2 record, and both.
$mangle " IN DS $id1 ${DEFAULT_ALGORITHM_NUMBER} 1 " <DS.1 >DS.broke1
$mangle " IN DS $id1 ${DEFAULT_ALGORITHM_NUMBER} 2 " <DS.1 >DS.broke2
$mangle " IN DS $id1 ${DEFAULT_ALGORITHM_NUMBER} [12] " <DS.1 >DS.broke12

# Update script: prefix every DS.2 record with "update add " and append a
# final "send" line.
sed 's/^/update add /
$a\
send
' <DS.2 >UP.add2

# Same shape, deleting the DS.1 records.
sed 's/^/update del /
$a\
send
' <DS.1 >UP.del1

# Join the two scripts and delete line 3. This assumes DS.2 holds exactly two
# records (one per digest type), so that line 3 is the first "send" and the
# add and the delete end up in a single transaction -- TODO confirm.
cat UP.add2 UP.del1 | sed 3d >UP.swap

# Variant of UP.swap with an explicit TTL of 3600 on the added records.
sed 's/ add \(.*\) IN DS / add \1 3600 IN DS /' <UP.swap >UP.swapttl

# sign NAME -- store the zone text read from stdin in db.NAME, then run
# $SIGNER on it with origin $Z, writing the result to sig.NAME. The signer's
# stdout is discarded.
sign() {
  cat >db.$1
  $SIGNER >/dev/null \
    -S -O full -o $Z -f sig.$1 db.$1
}

# Baseline zone holding only SOA and NS. The here-document delimiter is
# unquoted, hence the backslash that keeps $TTL literal.
sign null <<EOF
\$TTL 1h
@ SOA localhost. root.localhost. (
 1 ; serial
 1h ; refresh
 1h ; retry
 1w ; expiry
 1h ; minimum
 )
;
 NS localhost.
;
EOF

# CDS records appended after signing: they sit in the file without having
# gone through $SIGNER.
cat sig.null CDS.1 >brk.unsigned-cds

# Signed zones carrying CDS for key1, for key2, and for both.
cat db.null CDS.1 | sign cds.1
cat db.null CDS.2 | sign cds.2
cat db.null CDS.1 CDS.2 | sign cds.both

# sig.cds.1 with its line order reversed.
tac <sig.cds.1 >sig.cds.rev1

# CDNSKEY only, CDS and CDNSKEY for the same key, and CDS for key1 combined
# with CDNSKEY for key2.
cat db.null CDNSKEY.2 | sign cdnskey.2
cat db.null CDS.2 CDNSKEY.2 | sign cds.cdnskey.2
cat db.null CDS.1 CDNSKEY.2 | sign cds1.cdnskey2

# Zones whose CDS set holds only key2's digest type 1 record.
cat db.null CDS.2-1 | sign cds.2.sha1
cat db.null CDS.2-1 CDNSKEY.2 | sign cds.cdnskey.2.sha1

# Damage the RRSIG that covers CDS and names key ID idz (first file) or id1
# (second file) in the already signed zone.
$mangle '\s+IN\s+RRSIG\s+CDS .* '$idz' '$Z'\. ' \
  <sig.cds.1 >brk.rrsig.cds.zsk
$mangle '\s+IN\s+RRSIG\s+CDS .* '$id1' '$Z'\. ' \
  <sig.cds.1 >brk.rrsig.cds.ksk

# Damage the digest type 1 CDS record in the unsigned zone text, then sign
# the result.
$mangle " IN CDS $id1 ${DEFAULT_ALGORITHM_NUMBER} 1 " <db.cds.1 \
  | sign cds-mangled

# Key ID that differs from id1 in its low eight bits.
# NOTE(review): $id1 is spliced into Perl source; this relies on
# keyfile_to_key_id returning a plain decimal number (a leading zero would be
# parsed as octal) -- confirm.
bad=$($PERL -le "print ($id1 ^ 255);")
# Rewrite the key ID of the digest type 1 CDS record to $bad, then sign.
sed "s/IN CDS $id1 ${DEFAULT_ALGORITHM_NUMBER} 1 /IN CDS $bad ${DEFAULT_ALGORITHM_NUMBER} 1 /" <db.cds.1 \
  | sign bad-digests

# For every CDS record of key1: print the original line (p), then substitute
# on the same line (the empty pattern reuses the previous regex), so a second
# copy carrying $bad and the alternative algorithm number is emitted next to
# the untouched record.
sed "/IN CDS $id1 ${DEFAULT_ALGORITHM_NUMBER} /p;s//IN CDS $bad $ALTERNATIVE_ALGORITHM_NUMBER /" <db.cds.1 \
  | sign bad-algos

# Remove any dsset-* files from the working directory (presumably written by
# $SIGNER as a side effect).
rm -f dsset-*